summaryrefslogtreecommitdiff
path: root/system/openssl/APKBUILD
blob: 4f3c2992357dec8b4fa49f93c956dc90414c2e06 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.2m
pkgrel=0
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
makedepends_build="perl"
makedepends_host="zlib-dev"
makedepends="$makedepends_host $makedepends_build"
depends_dev="zlib-dev"
checkdepends="perl"
arch="all"
license="openssl"

subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl"

source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
	0002-busybox-basename.patch
	0003-use-termios.patch
	0004-fix-default-ca-path-for-apps.patch
	0005-fix-parallel-build.patch
	0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
	0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
	0009-no-rpath.patch
	0010-ssl-env-zlib.patch
	1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
	1002-backport-changes-from-upstream-padlock-module.patch
	1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
	"

# secfixes:
#   1.0.2h-r0:
#     - CVE-2016-2107
#     - CVE-2016-2105
#     - CVE-2016-2106
#     - CVE-2016-2109
#     - CVE-2016-2176
#   1.0.2h-r1:
#     - CVE-2016-2177
#     - CVE-2016-2178
#   1.0.2h-r2:
#     - CVE-2016-2180
#   1.0.2h-r3:
#     - CVE-2016-2179
#     - CVE-2016-2182
#     - CVE-2016-6302
#     - CVE-2016-6303
#   1.0.2h-r4:
#     - CVE-2016-2181
#   1.0.2i-r0:
#     - CVE-2016-2183
#     - CVE-2016-6304
#     - CVE-2016-6306
#   1.0.2m-r0:
#     - CVE-2017-3735
#     - CVE-2017-3736

builddir="$srcdir"/$pkgname-$pkgver

build() {
	local _target _optflags
	cd "$builddir"

	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
	aarch64*) _target="linux-aarch64" ;;
	arm*)   _target="linux-armv4" ;;
	ppc)	_target="linux-ppc" ;;
	ppc64)	_target="linux-ppc64"; _optflags="no-asm" ;;
	ppc64le) _target="linux-ppc64le" ;;
	i528 | pmmx | x86) _target="linux-elf" ;;
	x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
	s390x)	_target="linux64-s390x";;
	*)	msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"

	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared zlib enable-montasm enable-md2 $_optflags \
		-DOPENSSL_NO_BUF_FREELISTS \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \
		enable-ssl2

	make && make build-shared
}

check() {
	cd "$builddir"
	make -j1 test
}

package() {
	cd "$builddir"
	make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install
	# remove the script c_rehash
	rm "$pkgdir"/usr/bin/c_rehash
}

libcrypto() {
	pkgdesc="Crypto library from openssl"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/
}

libssl() {
	pkgdesc="SSL shared libraries"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

sha512sums="7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93  openssl-1.0.2m.tar.gz
2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c  0002-busybox-basename.patch
58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4  0003-use-termios.patch
c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae  0004-fix-default-ca-path-for-apps.patch
5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb  0005-fix-parallel-build.patch
820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1  0009-no-rpath.patch
5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420  0010-ssl-env-zlib.patch
8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17  1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389  1002-backport-changes-from-upstream-padlock-module.patch
6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch"